Cisco NX-OS Software Netstack Denial of Service (CVE-2019-1599)

A vulnerability in the network stack of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on the affected device. The vulnerability is due to an issue with allocating and freeing memory buffers in the network stack. An attacker could...

CVE-2023-21635

Memory Corruption in Data Network Stack & Connectivity when sim gets detected on telephony...

CVE-2023-21635

CVE-2023-21635 shows a memory corruption issue in the Data Network Stack & Connectivity when a SIM is detected during telephony. Multiple sources describe this as a buffer copy without size checking in Qualcomm closed-source components, leading to potential impact on confidentiality, integrity, a...

PT-2023-18298 · Qualcomm · Snapdragon +50

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns a memory corruption problem in the Data Network Stack & Connectivity component when a SIM card is detected on the telephony system...

Qualcomm Chipsets 缓冲区错误漏洞

Qualcomm Chipsets are a series of chipsets from Qualcomm, an American company. The Qualcomm Chipsets have a security vulnerability that stems from a memory corruption issue in Network Stack and Connectivity when a SIM card is detected in a phone call...

Design/Logic Flaw

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. In version 2023.01 and prior, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used...

CVE-2023-33973

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference...

CVE-2023-33974

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions...

Race condition

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions...

Design/Logic Flaw

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send crafted frames to the device to trigger the usage of an uninitialized object leading to denial of service. This issu...

CVE-2023-33975

RIOT-OS 6LoWPAN network stack vulnerability: in 2023.01 and earlier, an attacker can send a crafted frame causing an out-of-bounds write in the packet buffer, potentially corrupting packets and allocator metadata, leading to denial of service or arbitrary code execution if allocator metadata is m...

CVE-2023-33974 RIOT-OS vulnerable to Race Condition in SFR Timeout

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send multiple crafted frames to the device to trigger a race condition. The race condition invalidates assumptions...

CVE-2023-33974

RIOT-OS vulnerability CVE-2023-33974 affects the 6LoWPAN frame handling in RIOT-OS before 2023.01. A race condition can be triggered by multiple crafted frames sent to the device, causing an invalid memory access and resulting in a denial of service. The issue is mitigated by the patch in pull re...

CVE-2023-33973 RIOT-OS vulnerable to NULL pointer dereference during NHC encoding

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. In versions 2023.01 and prior, an attacker can send a crafted frame which is forwarded by the device. During encoding of the packet a NULL pointer dereference...

CVE-2023-33973

RIOT-OS contains a flaw in its 6LoWPAN processing within the GNRC network stack. In versions 2023.01 and prior, an attacker can send a crafted frame that is forwarded by the device; during encoding of the packet a NULL pointer dereference occurs, crashing the device and causing a denial of servic...

CVE-2023-24825

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device to trigger a NULL pointer dereference leading to denial of service. This issue is fixe...

CVE-2023-24817

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer...

Integer overflow

RIOT-OS, an operating system for Internet of Things IoT devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2023.04, an attacker can send a crafted frame to the device resulting in an integer underflow and out of bounds access in the packet buffer...

CVE-2023-24826

CVE-2023-24826 affects RIOT-OS on IoT devices with its 6LoWPAN-capable network stack. Before version 2023.04, an attacker can send crafted frames that trigger the use of an uninitialized object, causing a denial of service. The issue is fixed in version 2023.04. A workaround is to disable fragmen...

CVE-2023-24825

RIOT-OS’s 6LoWPAN frame handling in the GNRC network stack is vulnerable to a NULL pointer dereference when processing crafted frames. This affects versions prior to 2023.04 and can lead to denial of service. The issue is fixed in version 2023.04; there are no known workarounds. Upgrade to 2023.0...